My favorite racing game server is shutting down shortly. Before that happens I would like to decipher as much information as possible to work with later so my friends and I can still play.
Having hit a brick wall I thought someone with more experience than me might be able to recognize some tell-tale bytes.
I'm looking to find the encryption and/or compression method used so I can begin to decipher it. If someone would like to take a look, I have a couple of notable packets below with some notes about them.
1d 35 05 00 0a d0 83 b5 23 33 00 00 00 01 00 0e
04 c7 00 00 6c 8b 69 28 df 40 8d 30 9b 81 5f b6
e3 8b 8f b7 4e d2 4d 48 35 40 ea 14 ce e8 65 f5
a7 cd a3 42 6c e2 d9 51 45 5f f0 b5 53 51 6d 2b
c0 e2 34 14 8f 5f 06 d4 28 e4 76 3d 5c ba 2d 11
38 76 e8 11 86 d8 58 24 91 0a af ad f4 7c ee db
ca f3 85 2f dd 73 10 cf 30 49 50 c1 77 78 ae 7e
27 2c 5d bf 4a 78 e0 b0 d2 f4 d7 66 40 f0 ad 75
75 9c 9b 9f e8 2b 32 4d 27 10 3c 31 19 73 2c 80
73 3b b8 b3 4a 78 e0 b0 d2 f4 d7 66 8c c3 08 a5
d8 40 fb f6 2b f2 04 61 47 6f 2e 0e 29 59 cc 1b
f2 13 a0 67 4a 78 e0 b0 d2 f4 d7 66 55 68 45 fd
96 21 16 b1 ed e9 86 43 e2 8b 70 5f b7 bd a3 8c
4d c3 8a e2 4a 78 e0 b0 d2 f4 d7 66 ab 6f ac bd
c1 91 f8 8e 4a 78 e0 b0 d2 f4 d7 66 46 0d 43 4f
4a b4 a2 7b 4a 78 e0 b0 d2 f4 d7 66 f7 af c5 c8
41 69 ed 27 ba c5 16 5e c7 cf 46 d1 8a 79 70 a4
7b d6 a3 8f cc a7 76 fb 52 8b 76 6a 70 ff bb b0
01 17 8f 16 8d 5a ec cd 90 7b 11 37 36 e0 7a d5
b7 97 24 41 6d 94 13 39 17 1f f9 fc de 03 3d d4
3b 54 b6 84 1c 63 c7 48 15 de ef 8c 80 95 d3 84
d9 6d 80 47 06 31 fd 39 2d 78 b9 ac 33 40 69 40
72 52 57 fd 9a 3a 84 41 a9 4d 52 95 9f af a7 bf
80 3d 54 61 d5 fc ce 18 c7 7f 8e 3b e2 52 ee 20
a1 49 f8 ec 8a 5e fe 06 97 6c da 06 ce 84 09 95
bd 39 83 b2 20 3b 47 1b 03 a1 d3 d4 2f e0 ee 46
60 54 97 20 5b 2e 6b 3d 01 ee 3a 08 95 46 e5 e3
f0 d2 2d c4 21 0e 71 0b 2a 66 1c 2d 85 0f 55 2f
e8 7c 5c 2b 9e 8f be d3 cb 9e aa 0a f3 87 6d ee
e8 b4 8a c7 94 66 53 6c 62 93 68 e2 ed 4a 25 30
62 fd 7b 4f 3b 89 e3 59 d3 ca 47 2c 57 55 0e ea
a2 a3 f9 e8 3a 1b db 30 a5 71 64 e0 84 ae 68 f5
7c b9 04 40 d7 4e 9d 9e 4e 88 6f 5b 48 dd 7c 75
e8 93 a2 0c d7 4e 9d 9e 4e 88 6f 5b f0 b0 76 40
3b a0 c2 14 a4 4f 70 a0 f6 f9 68 65 10 b8 e3 b3
82 60 c0 e3 7b d5 7e 06 7d 38 d4 0c d7 4e 9d 9e
4e 88 6f 5b 82 f3 da ff f5 ba 01 cd e4 c0 61 13
ed 06 81 ce 94 42 9f 47 7f 61 01 82 d7 4e 9d 9e
4e 88 6f 5b 06 ce 5d 28 17 85 72 e2 d9 09 3f 97
6f f7 a4 29 3c c8 3a 96 b1 20 95 8a aa 89 54 8a
71 2a 06 a9 ce 1f d3 63 61 54 db 95 2b f2 04 61
47 6f 2e 0e c9 16 f9 83 fe fd 59 49 69 6a 5b 9f
36 35 63 c7 df 86 d0 e8 f5 ec 27 21 e6 c0 7f 3e
cd 8c a0 bd ac 98 17 8d dd bf 84 7c e6 c0 7f 3e
cd 8c a0 bd 6f 92 ba d1 4c 8f 37 bd e6 c0 7f 3e
cd 8c a0 bd c0 6a c3 31 ab 6c cf 86 a4 4f 70 a0
f6 f9 68 65 3b a2 22 37 83 39 a5 4e eb 84 25 c5
08 76 1a 53 e6 c0 7f 3e cd 8c a0 bd 82 7e 70 31
d8 1c de 8d 5d f1 b4 76 8d 87 80 b6 41 a5 4c 4d
0e 1c ef a4 e6 c0 7f 3e cd 8c a0 bd b5 06 a1 35
e8 e1 e0 9e 0b 3d a5 8f ad eb 72 ec 09 b4 db d8
f4 0e 27 6d 4f 46 9c 93 8a 6c 99 62 f3 75 f2 a9
52 59 75 90 cd e3 f7 d0 20 de db b9 c6 bd 91 f3
1b 59 c6 14 d7 02 5b de c8 4e 47 14 35 3c 74 f2
50 ae 3f a1 be b4 99 c0 5b 32 06 21 00 60 77 5f
14 37 3f 26 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 f0 95 42 32 ff 36 3a 74 58 b0 0e c4
32 84 82 6d a7 d7 2d 61 ab 31 c7 fd ff 97 d7 ae
28 f0 61 fa 81 6b dd 60 a8 1f d4 55 21 3c 8d 22
5c bb a4 82 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 aa 89 54 8a
71 2a 06 a9 da d8 f4 fd 82 c5 ef 9a a4 89 65 af
ec 9a d7 d9 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 f1 14 06 7a
3e 83 8b ed 58 b0 0e c4 32 84 82 6d 06 75 0b 7b
d4 99 7d 60 aa ba 49 33 7e 03 ce 28 cb a5 7e 41
93 19 ea 5c 95 33 ab ef ca d7 14 d8 a4 4f 70 a0
f6 f9 68 65 9a a4 e8 da 49 b1 e3 4f 28 22 71 95
9c a8 c1 20 ac 42 a3 6e 6e a3 54 2c 22 ba 13 23
cc df 4d f4 aa 9c a0 69 e7 77 91 5f 7b e9 8f ac
70 f0 1a 21 45 aa f0 71 df a0 d3 99 ba 40 64 58
17 2e e9 cf a4 0b 53 d8 86 89 5b 6e fd ab 78 43
98 58 c2 3c 50 ed 3a 9b d9 dc a0 ee fc 18 d5 95
cc fd 31 be 2d 5b 5e 33 d7 fa 22 a7 69 c8 ae 34
48 7e d4 fc 37 de 4a 2c 36 5c d8 a8

1d 35 05 00 0a d0 83 b5 23 33 00 00 00 01 00 0e
04 c7 00 00 29 c0 fa 0f 59 3c fc b6 13 24 b3 d3
ce cc 1e 87 4e d2 4d 48 35 40 ea 14 ce e8 65 f5
a7 cd a3 42 6c e2 d9 51 45 5f f0 b5 53 51 6d 2b
c0 e2 34 14 8f 5f 06 d4 28 e4 76 3d 5c ba 2d 11
38 76 e8 11 86 d8 58 24 91 0a af ad f4 7c ee db
ca f3 85 2f dd 73 10 cf 30 49 50 c1 77 78 ae 7e
27 2c 5d bf 4a 78 e0 b0 d2 f4 d7 66 40 f0 ad 75
75 9c 9b 9f e8 2b 32 4d 27 10 3c 31 19 73 2c 80
73 3b b8 b3 2b f2 04 61 47 6f 2e 0e 8c c3 08 a5
d8 40 fb f6 2b f2 04 61 47 6f 2e 0e 29 59 cc 1b
f2 13 a0 67 2b f2 04 61 47 6f 2e 0e 55 68 45 fd
96 21 16 b1 4f 46 9c 93 8a 6c 99 62 b7 bd a3 8c
4d c3 8a e2 2b f2 04 61 47 6f 2e 0e ab 6f ac bd
c1 91 f8 8e 4a 78 e0 b0 d2 f4 d7 66 46 0d 43 4f
4a b4 a2 7b 4a 78 e0 b0 d2 f4 d7 66 f7 af c5 c8
41 69 ed 27 ba c5 16 5e c7 cf 46 d1 8a 79 70 a4
7b d6 a3 8f cc a7 76 fb 52 8b 76 6a 70 ff bb b0
01 17 8f 16 8d 5a ec cd 90 7b 11 37 36 e0 7a d5
b7 97 24 41 6d 94 13 39 17 1f f9 fc de 03 3d d4
3b 54 b6 84 1c b2 d0 c3 73 5c 25 0b 80 95 d3 84
d9 6d 80 47 bb a2 a9 62 49 53 d3 62 33 40 69 40
72 52 57 fd 89 f3 14 bf bd 15 f4 2d 9f af a7 bf
80 3d 54 61 d5 fc ce 18 c7 7f 8e 3b e2 52 ee 20
a1 49 f8 ec b5 8e d6 79 85 9d cd 7c ce 84 09 95
bd 39 83 b2 20 3b 47 1b 03 a1 d3 d4 2f e0 ee 46
60 54 97 20 3e 7f 7a e7 e0 2a f1 77 95 46 e5 e3
f0 d2 2d c4 21 0e 71 0b 2a 66 1c 2d 85 0f 55 2f
e8 7c 5c 2b 9e 8f be d3 cb 9e aa 0a f3 87 6d ee
e8 b4 8a c7 cd 7e ce 4f 73 4c fd 0d ed 4a 25 30
62 fd 7b 4f 3b 89 e3 59 d3 ca 47 2c 57 55 0e ea
a2 a3 f9 e8 3a 1b db 30 a5 71 64 e0 84 ae 68 f5
7c b9 04 40 d7 4e 9d 9e 4e 88 6f 5b 48 dd 7c 75
e8 93 a2 0c d7 4e 9d 9e 4e 88 6f 5b f0 b0 76 40
3b a0 c2 14 a4 4f 70 a0 f6 f9 68 65 10 b8 e3 b3
82 60 c0 e3 7b d5 7e 06 7d 38 d4 0c d7 4e 9d 9e
4e 88 6f 5b 82 f3 da ff f5 ba 01 cd e4 c0 61 13
ed 06 81 ce 94 42 9f 47 7f 61 01 82 d7 4e 9d 9e
4e 88 6f 5b 06 ce 5d 28 17 85 72 e2 d9 09 3f 97
6f f7 a4 29 3c c8 3a 96 b1 20 95 8a aa 89 54 8a
71 2a 06 a9 ce 1f d3 63 61 54 db 95 2b f2 04 61
47 6f 2e 0e c9 16 f9 83 fe fd 59 49 69 6a 5b 9f
36 35 63 c7 df 86 d0 e8 f5 ec 27 21 e6 c0 7f 3e
cd 8c a0 bd ac 98 17 8d dd bf 84 7c e6 c0 7f 3e
cd 8c a0 bd 6f 92 ba d1 4c 8f 37 bd e6 c0 7f 3e
cd 8c a0 bd c0 6a c3 31 ab 6c cf 86 a4 4f 70 a0
f6 f9 68 65 9c b3 25 70 7c 21 66 1d eb 84 25 c5
08 76 1a 53 90 57 0c b7 3a 8f 07 50 82 7e 70 31
d8 1c de 8d f7 2a 0e 09 c5 0c 9a 39 41 a5 4c 4d
0e 1c ef a4 e6 c0 7f 3e cd 8c a0 bd b5 06 a1 35
e8 e1 e0 9e 0b 3d a5 8f ad eb 72 ec 09 b4 db d8
f4 0e 27 6d 4f 46 9c 93 8a 6c 99 62 f3 75 f2 a9
52 59 75 90 ad 8a 17 b8 b5 b4 5d a3 c6 bd 91 f3
1b 59 c6 14 e7 15 64 f5 d5 62 49 51 35 3c 74 f2
50 ae 3f a1 be b4 99 c0 5b 32 06 21 00 60 77 5f
14 37 3f 26 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 f0 95 42 32 ff 36 3a 74 58 b0 0e c4
32 84 82 6d a7 d7 2d 61 ab 31 c7 fd 2d 61 4e d8
2a a8 9f 96 c6 36 d8 6e 07 6b 2f bd 7a c1 9a f0
66 3f c7 ed a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 aa 89 54 8a
71 2a 06 a9 da d8 f4 fd 82 c5 ef 9a 8b ff 8e 2e
7c 8c b2 cb d8 b4 32 d5 89 09 75 3a 34 0a 46 15
33 a0 78 70 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0
f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 f1 14 06 7a
3e 83 8b ed 58 b0 0e c4 32 84 82 6d 06 75 0b 7b
d4 99 7d 60 aa ba 49 33 7e 03 ce 28 cb a5 7e 41
93 19 ea 5c 95 33 ab ef ca d7 14 d8 a4 4f 70 a0
f6 f9 68 65 9a a4 e8 da 49 b1 e3 4f 01 53 da 40
25 58 9d 0a ac 42 a3 6e 6e a3 54 2c 22 ba 13 23
cc df 4d f4 e0 31 28 a3 52 33 f5 a7 49 ec 01 d3
83 ce 13 01 dc ad 3b 01 22 14 00 b4 82 28 d3 38
8a bf 02 82 ce 88 c3 0f 1f f5 4d 50 eb 8a b7 3c
4c 87 9a a2 78 15 c6 05 66 24 dd 18 1a 01 e9 d9
61 e6 91 8d 2d 5b 5e 33 d7 fa 22 a7 69 c8 ae 34
48 7e d4 fc 25 4b 63 94 90 c2 1f 24
The prior packets (UDP, I've shown data only) are sent when I refresh the list of races people have. There are two packets (refreshed list twice), however both should contain similar data. They are different in places, so I posted both in case it gives any clues. It could be just the ordering of the list sent.
The races listed have a name, entry fee, and prize amount. So at the minimum this information has to be contained in these packets:
Grand Tantalus $100 $2970
Anya (Top-Model) $110 $5193
The judgement way $130 $2151
Pearl City $50 $18585
East to West - LH $0 $9000
Kelekole Pass $10 $72
Makiki****no cheater! $300 $79020
Koko Head Park||||| $950 $185130
nicmax -chit,go home! $50 $19260
$0 $0
The last race was one I created and named with only spaces (22 spaces total) to help with deciphering the information.
Also of note, it appears when you initially boot up the game, the first few packets exchanged are not encrypted:
I send this (which includes game version, my name "Mctittles", and CD key in plain text)
00000000 fd c7 00 3f 00 00 2a 7b 4d 43 20 31 2e 36 36 20 ...?..*{ MC 1.66
00000010 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A....... ........
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000040 00 00 00 00 00 00 00 00 00 47 53 43 41 2d 32 4b ........ .GSCA-2K
00000050 51 4b 2d 41 59 33 43 2d 4c 43 51 58 00 4d 63 74 QK-AY3C- LCQX.Mct
00000060 69 74 74 6c 65 73 00 00 00 00 00 00 00 00 00 00 ittles.. ........
00000070 00 00 00 3d ...=
Server sends this back
00000000 1d 35 01 00 ae 47 65 1c 22 b9 52 75 00 00 00 00 .5...Ge. ".Ru....
00000010 00 00 52 75 00 00 2a 7b 4d 43 20 31 2e 36 36 20 ..Ru..*{ MC 1.66
00000020 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A....... ........
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3a 9d ........ ......:.
00000060 00 00 52 37 00 00 06 3a 68 74 74 70 3a 2f 2f 77 ..R7...: http://w
00000070 77 77 2e 61 74 61 72 69 2e 63 6f 6d 2f 73 75 70 ww.atari .com/sup
00000080 70 6f 72 74 2f 6b 62 2f 33 32 36 36 00 00 00 00 port/kb/ 3266....
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000001C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000260 00 00 00 00 00 00 00 03 ........
I send the same information again
00000074 fd c7 02 01 00 00 2a 7b 4d 43 20 31 2e 36 36 20 ......*{ MC 1.66
00000084 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A....... ........
00000094 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000000B4 00 00 00 00 00 00 00 00 00 29 62 00 00 00 3a 9d ........ .)b...:.
000000C4 00 00 52 37 00 00 06 3a 9c 2f 44 2d c4 e6 ff 0f ..R7...: ./D-....
000000D4 bc 2b 5f 0b 47 53 43 41 2d 32 4b 51 4b 2d 41 59 .+_.GSCA -2KQK-AY
000000E4 33 43 2d 4c 43 51 58 00 4d 63 74 69 74 74 6c 65 3C-LCQX. Mctittle
000000F4 73 00 00 00 00 00 00 00 00 00 00 00 00 00 62 00 s....... ......b.
Server responds
00000268 1d 35 03 00 00 01 00 0e 0a d0 83 b5 23 28 01 00 .5...... ....#(..
00000278 68 74 74 70 3a 2f 2f 77 77 77 2e 61 74 61 72 69 http://w ww.atari
00000288 2e 63 6f 6d 2f 73 75 70 70 6f 72 74 2f 6b 62 2f .com/sup port/kb/
00000298 33 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 3266.... ........
000002A8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000002B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000002C8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000002D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000002E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000002F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000308 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000318 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000328 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000338 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000348 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000358 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000378 00 00 00 00 00 00 00 9d 3a 00 00 37 52 00 00 3a ........ :..7R..:
00000388 06 00 00 2d 44 2f 9c 0f ff e6 c4 0b 5f 2b bc 45 ...-D/.. ...._+.E
00000398 34 45 32 44 45 42 34 00 00 00 00 48 64 41 00 c0 4E2DEB4. ...HdA..
000003A8 f8 29 03 00 01 01 00 f8 9e 3a 03 a8 99 3a 03 00 .)...... .:...:..
000003B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
000003C8 00 00 00 00 00 00 00 00 00 00 00 7a 1d 62 25 00 ........ ...z.b%.
000003D8 00 00 a4 76 65 72 73 69 6f 6e 73 2f 54 65 73 74 ...versi ons/Test
000003E8 44 72 69 76 65 55 6e 6c 69 6d 69 74 65 64 2d 4f DriveUnl imited-O
000003F8 6e 6c 69 6e 65 44 69 73 74 72 69 62 2d 4d 43 20 nlineDis trib-MC
00000408 31 2e 36 36 20 41 2e 65 78 65 00 00 00 00 00 00 1.66 A.e xe......
00000418 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000428 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000438 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000448 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000458 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000468 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
After this it becomes encrypted
Me:
00000104 fd c7 04 01 0a d0 83 b5 23 28 06 00 00 01 00 0e ........ #(......
00000114 01 1a 81 7c cf 45 60 14 53 6f 5f b9 8b ff e7 2b ...|.E`. So_....+
00000124 61 29 de 13 94 67 0e 25 e5 ac 8b 02 63 f1 25 7e a)...g.% ....c.%~
00000134 a4 f7 99 be 21 40 7f c0 f5 22 8a 35 b4 ac 2d 34 ....!@.. .".5..-4
00000144 23 b7 a7 80 79 4c 68 85 1e 74 60 15 8e 65 2b 11 #...yLh. .t`..e+.
00000154 c5 45 0e 50 9e 31 ba a5 d0 5f b6 d6 a4 4f 70 a0 .E.P.1.. ._...Op.
00000164 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000174 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000184 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000194 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000001A4 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000001B4 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000001C4 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000001D4 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000001E4 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000001F4 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000204 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000214 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000224 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000234 f6 f9 68 65 ..he
Server:
00000478 1d 35 05 00 0a d0 83 b5 23 28 00 00 00 01 00 0e .5...... #(......
00000488 04 0a 00 00 50 47 4d 5a e8 bb 11 6c ee 82 22 a5 ....PGMZ ...l..".
00000498 15 1b 74 18 59 09 12 b0 a4 59 dd ed 17 10 62 f1 ..t.Y... .Y....b.
000004A8 e4 35 c5 6e df f7 63 51 9d 0f 68 25 cf ac 1f 60 .5.n..cQ ..h%...`
000004B8 35 6c 33 3d 9c 29 fb bf 6a 8a e6 8e a2 7f 9d dc 5l3=.).. j.......
000004C8 62 a6 40 ac d8 92 70 66 ad 76 fb e5 16 3d 03 89 b.@...pf .v...=..
000004D8 a5 d3 b4 a4 41 9e 67 86 be 1f f4 17 d6 8b b8 a2 ....A.g. ........
000004E8 52 58 03 1a 7c 7a 0c 50 78 e2 ca b1 bb 9f 7a 07 RX..|z.P x.....z.
000004F8 78 cd be ec 57 77 88 6b 09 fa 14 b9 6f 0c ac c0 x...Ww.k ....o...
00000508 4c 9a 16 e9 11 d8 b7 c2 f7 4f a0 3e e0 dd be fe L....... .O.>....
00000518 ce 1a 3a a0 63 c0 01 15 6d ec 8c 1b 3e e7 a0 00 ..:.c... m...>...
00000528 2c 5b 5d 86 ed ee 6c 69 df 7a b8 47 d8 82 69 e6 ,[]...li .z.G..i.
00000538 c7 21 eb e0 b9 47 9e a1 ca 5c 5d 3e 00 01 c7 51 .!...G.. .\]>...Q
00000548 3f 04 c4 06 f5 5a 43 14 03 65 84 ef a4 4f 70 a0 ?....ZC. .e...Op.
00000558 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000568 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000578 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000588 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000598 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000005A8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000005B8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000005C8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000005D8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000005E8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000005F8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000608 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000618 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000628 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000638 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000648 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000658 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000668 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000678 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000688 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000698 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000006A8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000006B8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000006C8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000006D8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000006E8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000006F8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000708 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000718 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000728 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000738 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000748 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000758 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000768 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000778 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000788 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000798 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000007A8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000007B8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000007C8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000007D8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000007E8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
000007F8 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000808 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000818 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000828 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000838 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000848 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000858 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000868 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000878 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 a4 4f 70 a0 ..he.Op. ..he.Op.
00000888 f6 f9 68 65 a4 4f 70 a0 f6 f9 68 65 00 d8 ad 79 ..he.Op. ..he...y
00000898 a8 ef 0c 3e ...>
and so on...
The server does not appear to do much outside of connecting players and listing games. The main bulk of gameplay is transferred from player to player IP, which incidentally is in plain text. If I could just decipher these packets I should be able to replace their connection/listing server and still play.
Thanks for having a look, maybe I'll get lucky and someone will see something I haven't.
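An added example, not part of the original post: it counts repeated aligned 8-byte blocks in the first 192 bytes of the two race-list packets above and lists which blocks changed between the two refreshes. The 8-byte block size and the function names are assumptions; repeats and changes that stay inside single blocks are consistent with each block being encrypted independently under a fixed key, but they do not identify the cipher.

```python
from collections import Counter

BLOCK = 8  # assumed block size: the runs that repeat in the post are 8 bytes long

# First 192 bytes of each race-list packet, copied from the post (UDP data only).
PACKET_A = bytes.fromhex("""
1d 35 05 00 0a d0 83 b5 23 33 00 00 00 01 00 0e
04 c7 00 00 6c 8b 69 28 df 40 8d 30 9b 81 5f b6
e3 8b 8f b7 4e d2 4d 48 35 40 ea 14 ce e8 65 f5
a7 cd a3 42 6c e2 d9 51 45 5f f0 b5 53 51 6d 2b
c0 e2 34 14 8f 5f 06 d4 28 e4 76 3d 5c ba 2d 11
38 76 e8 11 86 d8 58 24 91 0a af ad f4 7c ee db
ca f3 85 2f dd 73 10 cf 30 49 50 c1 77 78 ae 7e
27 2c 5d bf 4a 78 e0 b0 d2 f4 d7 66 40 f0 ad 75
75 9c 9b 9f e8 2b 32 4d 27 10 3c 31 19 73 2c 80
73 3b b8 b3 4a 78 e0 b0 d2 f4 d7 66 8c c3 08 a5
d8 40 fb f6 2b f2 04 61 47 6f 2e 0e 29 59 cc 1b
f2 13 a0 67 4a 78 e0 b0 d2 f4 d7 66 55 68 45 fd
""")
PACKET_B = bytes.fromhex("""
1d 35 05 00 0a d0 83 b5 23 33 00 00 00 01 00 0e
04 c7 00 00 29 c0 fa 0f 59 3c fc b6 13 24 b3 d3
ce cc 1e 87 4e d2 4d 48 35 40 ea 14 ce e8 65 f5
a7 cd a3 42 6c e2 d9 51 45 5f f0 b5 53 51 6d 2b
c0 e2 34 14 8f 5f 06 d4 28 e4 76 3d 5c ba 2d 11
38 76 e8 11 86 d8 58 24 91 0a af ad f4 7c ee db
ca f3 85 2f dd 73 10 cf 30 49 50 c1 77 78 ae 7e
27 2c 5d bf 4a 78 e0 b0 d2 f4 d7 66 40 f0 ad 75
75 9c 9b 9f e8 2b 32 4d 27 10 3c 31 19 73 2c 80
73 3b b8 b3 2b f2 04 61 47 6f 2e 0e 8c c3 08 a5
d8 40 fb f6 2b f2 04 61 47 6f 2e 0e 29 59 cc 1b
f2 13 a0 67 2b f2 04 61 47 6f 2e 0e 55 68 45 fd
""")


def aligned_blocks(data, phase, size=BLOCK):
    """Complete blocks starting at byte offset `phase`; a short tail is dropped."""
    return [data[i:i + size] for i in range(phase, len(data) - size + 1, size)]


def redundant_blocks(data, phase, size=BLOCK):
    """How many blocks at this alignment repeat an earlier block."""
    counts = Counter(aligned_blocks(data, phase, size))
    return sum(n - 1 for n in counts.values())


def best_phase(data, size=BLOCK):
    """Offset modulo the block size at which the most blocks repeat."""
    return max(range(size), key=lambda p: redundant_blocks(data, p, size))


def changed_offsets(a, b, phase, size=BLOCK):
    """Byte offsets of aligned blocks that differ between two captures."""
    pairs = zip(aligned_blocks(a, phase, size), aligned_blocks(b, phase, size))
    return [phase + i * size for i, (x, y) in enumerate(pairs) if x != y]


if __name__ == "__main__":
    phase = best_phase(PACKET_A)
    print("block alignment (offset mod 8):", phase)
    for block, n in Counter(aligned_blocks(PACKET_A, phase)).most_common(2):
        print(block.hex(), "x", n)
    print("offsets that changed between refreshes:",
          changed_offsets(PACKET_A, PACKET_B, phase))
```

On these excerpts the alignment comes out as 4, which is consistent with a 20-byte header ahead of the repeating blocks, and only the blocks at offsets 20, 28, 148 and 180 differ between the two refreshes.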
It's almost impossible just to look at the data and figure out the format. In the best-case scenario, it could work for super simple formats (for example, just a list of strings separated by a null terminator). However, as soon as you have anything a little bit more complex, you will have no idea what the data mean.
I recommend coming at this from another angle. As I understand it, you should have a client for the server. You can reverse engineer it and look at how it communicates with the server. It is also quite time consuming. However, this way you will be able to learn way more about the protocol they are using.